
SecureAnywhere™ Business Endpoint Protection

Controlling Files Independently

Do It Yourself Overrides

The web-based management console allows for easy management over end-user policies via an intuitive user interface. The endpoint device control console provides full management over every endpoint, including the ability to centrally create and manage whitelists, blacklists, and file overrides. File overrides give administrators greater control over the files and applications that are allowed within their environments, eliminating the need for vendor intervention and ultimately saving time.


SILENT AUDIT POLICY

A major issue when deploying any new anti-malware technology is the potential to detect existing applications and programs as malware and block or quarantine them. The most damaging result can be ‘false positives’, where a ‘good’ application is deemed ‘bad’ and blocked. A ‘false negative’, where a ‘bad’ program is deemed ‘good’, has the potential to do immense damage over time as well.

To avoid blocking legitimate applications or allowing any ‘bad’ ones to run, Webroot SecureAnywhere® provides administrators with the ability to run their endpoints in ‘Silent Audit’ mode, which places the agent in a reporting-only configuration. This complements Webroot SecureAnywhere’s ability to run alongside existing installed antivirus technology without conflict.

The Silent Audit Mode only reports on what it finds, rather than enforcing the policies. This allows an administrator to quickly establish what Webroot SecureAnywhere would deem as ‘malicious’ within their network and quarantine or block prior to any active policy enforcement.

Genuinely ‘bad’ applications like keyloggers could be used legitimately for compliance or audit purposes within certain departments. In these cases it is possible to denote the keylogger as ‘good’ for certain user groups but treat it as malicious for others.

By giving this complete visibility over the applications running in the network, administrators are able to tailor Webroot SecureAnywhere to suit their policies, users and IT infrastructure, without any disruptions.

WEB-BASED MANAGEMENT CONSOLE

Video: Web Based Management Console

The Webroot SecureAnywhere® web-based management console can be accessed via any web browser by entering a user name and password, plus an individual security code that ensures only legitimate Administrators will gain access. Additional administrators can be added and given varied access permissions to ensure the appropriate levels of control over policies, reporting, alerting and management of endpoints.

The ‘Home’ page of the management console provides links to Endpoint Security, Mobile Security and the Webroot Community.

By providing an instant overview of protected endpoints and their current statuses, plus the ability to drill into the details directly from the Status Page, administration is greatly simplified. The Webroot SecureAnywhere management console allows you to access all the features needed for viewing, remotely interacting with and managing endpoints under clear headings that include:

Group Management: Groups help to organize endpoints for easy management. You can view groups and each endpoint within these groups, and select individual endpoints to see scan histories or initiate remote agent commands.

Reports: Reports show threats and unidentified software present on your network, and the versions of Webroot SecureAnywhere software running on your endpoints.

Overrides: Overrides give you administrative control over the files that are allowed in your environments. You can override files as Good or Bad and apply these overrides globally, or by policy when needed.

Management Console – Status Page

By clicking on the Endpoint Security tab, the Administrator is taken to the Status page, which provides a complete overview of all deployed endpoints. The status page also gives the ability to drill into details directly, greatly simplifying user administration.

The Status Page shows:

An alert notification if any managed endpoints need attention. By clicking the notification, administrators can access a list of endpoints that have recently encountered threats.

A bar chart showing the number of endpoints that have encountered threats in the last 7 days. Clicking the chart allows the administrator to see a detailed list of those endpoints.

A pie chart detailing the Webroot SecureAnywhere software version deployed across all managed endpoints, which gives helpful insight into any agents that have not checked in.

Endpoint activity, which shows the number of endpoints that are managed by Webroot SecureAnywhere, based on a time period selected from a drop-down menu.

A list of recently infected endpoints which can be drilled into to view the infections on each endpoint and view the associated policies.

An information panel showing the most recent threat information with links to Education Videos, Release Notes and Webroot News.

REMOTE CONTROL AGENT COMMANDS

The console is very easy to navigate and is very quick to browse, giving visibility of all systems quickly with a lot of customized features.

Agent Commands are remote instructions that an endpoint agent puts into immediate effect upon checking in with the Webroot SecureAnywhere® Management Console. They are the most powerful set of controls within Webroot SecureAnywhere because they allow an Administrator to have full control. As such, access to Agent Commands is strictly enforced by the level of administration access rights given to individual Administrators.

Agent Commands may be issued to an individual endpoint agent or to all endpoint agents within a group.

Video: Agent Commands

There are eight levels of Agent Commands. The first lets an Administrator activate a variety of built-in features within the endpoint Agent. These are:

Agent – Agent Commands

Scan: Initiate a scan in the background

Change Scan Time: Specify a new recurring scan time for the endpoint.

Scan Folder: Specify a folder to scan.

Clean up: Start a scan and automatically quarantine malicious files.

System Cleaner: Initiate the System Cleaner.

Uninstall: Uninstall the Webroot SecureAnywhere Agent from an endpoint.

Reset System Policies: Resets system policies (for example, if the Task Manager is disabled).

Restore File: Restores all files matching the specified MD5 from quarantine to their original locations, and removes the entry from quarantine.

Files and Processes Commands

Reverify All Files and Processes: Re-verifies the contents of the endpoint's local database when the next scan is run.

Consider All Items as Good: Considers all current items on an endpoint as ‘known good’ and safe to run.

Allow Processes Blocked by Firewall: Allows communication for all processes that are currently blocked by the Firewall setting.

Kill untrusted: Stops processes that are not white-listed. These processes will be stopped immediately, but will not be prevented from running again.

Identity Shield Commands

Allow Application: Enter the MD5 of an application to Allow.

Deny Application: Enter the MD5 of an application to Deny.

Allow All Denied Applications: Set all Deny applications to Allow.

Protect an Application: Enter the MD5 of an application, and change it from Allow to Protect.

Unprotect an Application: Changes the application’s setting from Protect to Allow.

Advanced Agent Commands

Run Customer Support Script: Runs a clean-up script that has been provided by Webroot Support; a network path to the file must be specified.

Customer Support Diagnostics: Runs a Webroot SecureAnywhere log-gathering utility to collect information about any endpoint.

Download and Execute a File: Specify a file's direct URL, then download and run it. Administrators can also specify command-line options; for example, specify the /s parameter so that the file you download runs silently, in the background.

AGENT VISIBILITY AND CONTROL


Overrides empower Administrators by giving them the control to override automated file determinations made by the Webroot® Intelligence Network™. Overrides can be applied to the entire organization or to an individual policy that only affects a subset of users.

For example, if an administrator decided that their users should not be allowed to use a specific program, such as torrent software, the administrator can use an override to flag the file as ‘Bad’ during scans and quarantine it. This allows administrators to stop endpoints from running undesirable applications.

Video: Overrides

Alternatively, if corporate policies change or a blocked application needs to be restored, administrators also have the ability to reverse any overrides and restore the files from quarantine.

Overrides may be applied from several locations within Webroot SecureAnywhere®:

From the Overrides tab in the Management Console

From the Group Management tab in the Management Console

From the Reports tab in the Management Console

From any area of the Management console that offers the ‘Create override’ option flag

As stated above, overrides may be applied globally or applied to individual policies. For example, a file identified by its MD5 might be treated as ‘Bad’ at the global level and ‘Good’ at the individual policy level. A real-world example of this would be a keylogger program that is used legitimately by the IT department to perform audits for financial compliance in a trading room, but would be considered malicious if active on any other department’s endpoints.

Overrides are also a powerful way of blocking attacks as an administrator is immediately in a position to stop applications that have compromised or are causing the spread of an infection.

ENDPOINT POLICY MANAGEMENT

Video: Policies

The Endpoint Policy Management within Webroot SecureAnywhere® gives administrators extensive control over environments without over-complicating the task of creating and managing policy. The simple on/off approach makes it extremely easy to define the policy behavior of Webroot SecureAnywhere on endpoints.

Endpoint policy modifications may initially be saved as draft changes before promoting them to a ‘live’ status and policies may also be exported as .csv files. This is especially useful for organizations with change control and auditing requirements, because any necessary reviews or revisions may be made before deployment. It also gives administrators the ability to share policy changes for approval, re-name them, or assign different sets of users to the revised policies.

Any administrator with the appropriate permissions can create policies and assign them to individual endpoints or groups of users. For example, you can create a policy that does not show any signs of Webroot SecureAnywhere being installed, so it doesn’t appear as a system tray icon and is not listed within the program list in the start menu.

A number of default policies are supplied as standard and these are easily modified, re-named and assigned to a user or groups of users. By default, all new users are assigned to the Default Group but can easily be moved to any other Policy.